artapamudaid/secure-api-server
最新稳定版本:1.0.0
Composer 安装命令:
composer require artapamudaid/secure-api-server
包简介
Laravel package for secure API HMAC authentication
README 文档
README
A secure API authentication package for Laravel using API Key + Secret + HMAC signature with nonce & timestamp validation.
Built for protecting internal or third-party API calls with full management support.
✨ Features
- 🔑 Generate secure API Key & Secret
- 🔐 Validate signature using HMAC
- 🕒 Protects with
X-TIMESTAMPandX-NONCE - 🚫 Revoke or delete API Keys
- 👤 Enforce one key per user
- 📦 Fully tested with PHPUnit 12
📦 Installation (via Packagist)
composer require artapamudaid/secure-api-server
Lalu:
php artisan vendor:publish --tag=config php artisan migrate
⚙️ Configuration
Konfigurasi berada di config/apikey.php:
return [ 'enabled' => true, 'timestamp_tolerance' => 300, // in seconds (default 5 minutes) ];
🚀 API Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /secure-api/key |
Generate API key + secret |
| GET | /secure-api/keys |
List all API keys |
| DELETE | /secure-api/key/{id} |
Delete API key |
| PATCH | /secure-api/key/{id}/revoke |
Revoke API key |
| POST | /secure-api/ping |
Test secure endpoint |
🧾 Required Headers for Secured Endpoints
X-API-KEY: {api_key}
X-API-SIGNATURE: {hmac_signature}
X-TIMESTAMP: {unix_timestamp}
X-NONCE: {random_string}
HMAC Signature format:
HMAC_SHA256(api_key . nonce . timestamp, secret)
🧪 Running Tests
composer install vendor/bin/phpunit
Dibangun menggunakan:
-
PHPUnit ^12.0
-
Orchestra Testbench (Laravel testing framework)
🛡 Laravel Compatibility
| Laravel Version | Support |
|---|---|
| 8.x | ✅ |
| 9.x | ✅ |
| 10.x | ✅ |
| 11.x | ✅ |
统计信息
- 总下载量: 3
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-07-16